General
-
Target
Celery.exe
-
Size
800.0MB
-
Sample
240426-z64lfacd84
-
MD5
b4c744abf264ef21108c72d281704b41
-
SHA1
f865c64edce99bade55b7d097d8dda842655cc55
-
SHA256
321f32aca8d188e7164272993d747933c61e15e852f90035c99c09dec2d4f2b5
-
SHA512
1e9386367aea49f5a86ed34793179e52c45f250ad7776bd212eeea2c91d09e7b0e18ca69353092d3c206bd94a97cd01a9247df8260b5368becede52c4c5d0961
-
SSDEEP
49152:uWBRH4OPyauD8t5WJEmdwAl/zSC++SKQ:uWBRHrPyauD8tRKzSCMJ
Static task
static1
Behavioral task
behavioral1
Sample
Celery.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Celery.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
Celery.exe
-
Size
800.0MB
-
MD5
b4c744abf264ef21108c72d281704b41
-
SHA1
f865c64edce99bade55b7d097d8dda842655cc55
-
SHA256
321f32aca8d188e7164272993d747933c61e15e852f90035c99c09dec2d4f2b5
-
SHA512
1e9386367aea49f5a86ed34793179e52c45f250ad7776bd212eeea2c91d09e7b0e18ca69353092d3c206bd94a97cd01a9247df8260b5368becede52c4c5d0961
-
SSDEEP
49152:uWBRH4OPyauD8t5WJEmdwAl/zSC++SKQ:uWBRHrPyauD8tRKzSCMJ
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-